Subscribe via Email

Thank You!

In (Partial) Defense of Tracking Cookies

It's easy to hate on tracking cookies. Wouldn’t life be great if browsers just shut cookies off altogether -- and kept them off? No more annoying ads! No more interruptions! No more feeling like you’re being stalked by those hiking boots you looked at last week, didn’t purchase, but now keep popping up in ads on every site you visit, begging to you to reconsider.

The whole thing is turning ugly and emotional, with both sides crying foul and taking shots at one another. To privacy advocates, advertisers and their lobbying organizations are big bad greedheads intent on ruining the web by following us around, tracking everything we do, splattering ads on every available surface, and bombarding us with messages we don’t want. To advertisers, privacy advocates are a bunch of naive anti-capitalist hippies who don’t realize that if ads go away so do all those things that are supported by ads -- like TV. And Facebook. And Google. And most of the web, for that matter.

Can't We All Just Get Along?

But let’s take a deep breath. The truth is, not all tracking is the same, and not all tracking is bad. And in our haste to block the stuff we hate, we might kill off some good stuff, too.

As Mike Volpe, the CMO at HubSpot, puts it: “The cookie is getting a bad name, but it’s just a piece of technology that can be used for good or evil.”

First, the evil: When you go to a site and some other company (a “third party”) puts a cookie on your computer and starts tracking you as you travel across other sites, “that feels like something you can’t control,” Volpe says. “That feels nefarious.”

On the other hand, there’s the kind of tracking that Amazon does, where the website knows who you are and makes fantastic recommendations. That’s called “first-party,” meaning that the cookie used to track you is put on your computer by the site you’ve visited and only tracks what you do on that one site. That kind of tracking feels magical.

One simple solution, and one that Mozilla and Apple employ, is to just block third-party cookies. That sounds good, except that if you block third-party cookies, you could end up blocking some of the good kind of tracking, too. So while the web experience might get better in some places, in others it could get worse, at least temporarily. Instead of moving forward, in some places we could be taking a step backward.

It's worth noting that HubSpot's software does not use or set third-party cookies. So if you are a HubSpot customer, HubSpot software will not set third-party cookies for any of your visitors. (As a company, HubSpot does use third-party cookies to track certain marketing initiatives, but that's a different thing.)

How We Got Here

The problem with cookies is that a lot of companies have abused their ability to track people, so much so that even the engineer who invented the original cookie says he finds tracking cookies annoying. He insists cookies were not originally intended to be used for tracking people around the web.

"One of the design elements of cookies was to discourage tracking across websites," says Lou Montulli, who is now a co-founder and chief scientist at Zetta.net, a tech company in Sunnyvale, California.

Back in 1994, Montulli was a founding engineer at Netscape when he developed a way to put a bit of data on a computer so websites could recognize returning visitors and "bring `memory' to the web," as he puts it. He dubbed his invention a "cookie," and later received a patent for the technology.

"The idea of a trail of breadcrumbs is, ironically, the opposite of what we were trying to accomplish with cookies. The third-party cookie, combined with the referrer field, is an unintended consequence of multiple technologies combining to allow something that should not have been possible," says Montulli, who recently wrote a blog post explaining the origin of the cookie.

Montulli says he doesn't like tracking cookies, but he believes we're stuck with them. "I currently believe that tracking cookies are an unpleasant thing for the web, but they are probably better than any alternative," Montulli says. "Most people don't want to be tracked for advertising purposes, but if third-party cookies are disabled, the industry will come up with another way to do it, and that way will be less under the control of the user than cookies are currently."

Disabling tracking cookies could also break other services. "The extra complication is that things like OAuth and embedded comment platforms, and a whole bunch of other useful technologies, wouldn't work properly without them," he says.

The Future

The larger point is about the kind of web we want to inhabit. We're moving (albeit in fits and starts) toward an ideal version of the web where we’d each get only the information we really want. To get there, however, we'll need to let websites learn more about us. But for now, instead of finding a way to do that, advertisers and privacy advocates are locked in a kind of cold war and can't find common ground.

But shutting off third-party cookies completely is using a blunt instrument to deal with a problem that might require a more nuanced approach.

New tools and technologies could help. Even Microsoft, which has angered advertisers by making Do Not Track the default setting in Internet Explorer, is exploring ways to let people give sites better ability to track them.

One idea, mentioned in a recent blog post by Microsoft general counsel Brad Smith, is a “permissions API” that would let people switch tracking back on for individual websites so that those sites could collect information about them, even when Do Not Track was switched on.

The End of Cookies?

No matter how things shake out in the short run, some believe that in the long run, cookies will die out and be replaced by something better. The cookie is “flawed, invasive, it’s got privacy issues, it’s going to go,” is how Paul Cimino, VP and GM of Brilig Digital Data Solutions at Merkle, put it to AdExchanger recently.

Cimino says he thinks cookies will be dead within five years. However, “at that point, it’ll be like birds chirping and flowers blooming because we’ll find some kind of value proposition that allows consumers to trust us and opt into personalization,” he says. His phrase: “Tailor, don’t target.”

Everyone who uses Amazon knows how great it can be to get really well-targeted information from a site you trust. I believe that most people would be willing to share information about themselves in order to get a better online experience, as long as they’re given control, and as long as they’re dealing with an organization they trust.

For that matter, I believe most companies feel the same way and would like to be able to send messages that are better tailored to each individual, if only because it’s a huge waste of resources to “spray and pray” messages to millions of people who don’t want to receive those messages. And also because engaging in "spray and pray" can actually damage your brand.

The good news is that at some level, both sides want the same thing, which tells me that someday we’ll get there. The bad news is, we're going to go through some rough times before we get there.

CORRECTION: A previous version of this story incorrectly stated that HubSpot software sets cookies that showed up as third-party cookies and thus might get blocked by certain browsers. That's not the case. We regret the error.